Tuesday, 2015-10-20

« Monday, 2015-10-19 Index Wednesday, 2015-10-21 »
*** lisaclark1 has quit IRC00:02
*** tkelsey has joined #openstack-barbican00:08
*** lisaclark1 has joined #openstack-barbican00:08
*** tkelsey has quit IRC00:13
*** dave-mccowan has joined #openstack-barbican00:27
*** Guest42 has joined #openstack-barbican00:33
*** lisaclark1 has quit IRC00:34
*** lisaclark1 has joined #openstack-barbican00:34
*** gyee has quit IRC00:36
*** su_zhang has quit IRC00:36
*** lisaclark1 has quit IRC00:38
*** lisaclark1 has joined #openstack-barbican01:11
openstackgerritFernando Diaz proposed openstack/castellan: Add testing documentation to Castellan  https://review.openstack.org/23569901:13
*** lisaclark1 has quit IRC01:26
*** Guest42 has quit IRC01:27
*** lisaclark1 has joined #openstack-barbican01:45
*** lisaclark1 has quit IRC01:45
*** lisaclark1 has joined #openstack-barbican01:45
*** alee_out has quit IRC02:00
*** alee has quit IRC02:01
*** vivek-ebay has quit IRC02:13
openstackgerritDave McCowan proposed openstack/barbican: Refactor Base64 use and other changes for Python3  https://review.openstack.org/23363302:25
*** Kevin_Zheng has joined #openstack-barbican02:53
*** zz_dimtruck is now known as dimtruck02:57
*** vivek-ebay has joined #openstack-barbican03:15
openstackgerritFernando Diaz proposed openstack/castellan: Allows Castellan to be able to grab metadata from a Secret  https://review.openstack.org/23738103:15
*** ccneill has joined #openstack-barbican03:22
openstackgerritFernando Diaz proposed openstack/castellan: Allows Castellan to be able to grab metadata from a Secret  https://review.openstack.org/23738103:25
*** lisaclark1 has quit IRC03:33
openstackgerritFernando Diaz proposed openstack/castellan: Add testing documentation to Castellan  https://review.openstack.org/23569903:35
*** dave-mccowan has quit IRC03:52
*** ccneill has quit IRC03:56
*** jaosorior has joined #openstack-barbican03:59
*** dimtruck is now known as zz_dimtruck04:01
*** vivek-ebay has quit IRC04:04
openstackgerritFernando Diaz proposed openstack/barbican-specs: Blueprint defining Barbican Service User  https://review.openstack.org/23738804:13
*** stevemar_ has quit IRC04:34
*** su_zhang has joined #openstack-barbican04:57
openstackgerritMerged openstack/barbican: Updated from global requirements  https://review.openstack.org/23728305:00
*** stevemar_ has joined #openstack-barbican05:02
*** edtubill has joined #openstack-barbican05:18
*** stevemar_ has quit IRC05:28
*** stevemar_ has joined #openstack-barbican05:29
*** jamielennox is now known as jamielennox|away05:39
*** Nirupama has joined #openstack-barbican05:43
*** su_zhang has quit IRC05:50
*** stevemar_ has quit IRC05:51
openstackgerritMerged openstack/barbican: Adds documentation for consumer resource  https://review.openstack.org/23558905:56
*** tkelsey has joined #openstack-barbican06:11
*** stevemar_ has joined #openstack-barbican06:14
*** tkelsey has quit IRC06:15
*** edtubill_ has joined #openstack-barbican06:18
*** edtubill has left #openstack-barbican06:19
*** edtubill_ has quit IRC06:19
*** edtubill_ has joined #openstack-barbican06:20
*** edtubill_ has quit IRC06:20
*** jmckind is now known as jmckind_06:33
*** stevemar_ has quit IRC06:44
*** jaosorior has quit IRC06:45
*** jaosorior has joined #openstack-barbican06:45
*** kragniz has quit IRC06:46
*** shohel has joined #openstack-barbican06:59
*** shohel has quit IRC07:00
*** shohel has joined #openstack-barbican07:01
*** woodster_ has quit IRC07:09
*** everjeje has joined #openstack-barbican07:22
*** tkelsey has joined #openstack-barbican07:45
*** openstackgerrit has quit IRC07:46
*** openstackgerrit has joined #openstack-barbican07:47
*** jaosorior has quit IRC08:23
*** jaosorior has joined #openstack-barbican08:24
*** Kevin_Zheng has quit IRC08:31
*** kragniz_ has joined #openstack-barbican08:41
*** kragniz_ is now known as kragniz08:41
*** stevemar_ has joined #openstack-barbican09:00
*** stevemar_ has quit IRC09:03
*** jamielennox|away is now known as jamielennox09:26
*** mmdurrant has quit IRC10:09
*** jamielennox is now known as jamielennox|away11:00
*** arunkant has quit IRC11:02
*** arunkant has joined #openstack-barbican11:07
*** stevemar_ has joined #openstack-barbican11:45
*** stevemar_ has quit IRC11:48
*** Kevin_Zheng has joined #openstack-barbican11:57
*** mmdurrant has joined #openstack-barbican11:59
*** shohel has quit IRC12:02
*** shohel has joined #openstack-barbican12:04
*** jmckind_ has quit IRC12:08
*** su_zhang has joined #openstack-barbican12:38
*** arunkant has quit IRC12:38
*** arunkant has joined #openstack-barbican12:44
*** shohel has quit IRC13:03
*** shohel has joined #openstack-barbican13:07
*** lisaclark1 has joined #openstack-barbican13:14
*** nelsnelson has quit IRC13:23
*** rellerreller has joined #openstack-barbican13:26
*** alee has joined #openstack-barbican13:27
*** Nirupama has quit IRC13:46
*** su_zhang has quit IRC13:56
*** nelsnelson has joined #openstack-barbican14:08
*** spotz_zzz is now known as spotz14:09
*** kfarr has joined #openstack-barbican14:11
*** jhfeng has joined #openstack-barbican14:13
*** darrenmoffat has quit IRC14:15
*** darrenmoffat has joined #openstack-barbican14:16
*** stevemar_ has joined #openstack-barbican14:16
*** su_zhang has joined #openstack-barbican14:18
*** su_zhang has quit IRC14:19
*** stevemar_ has quit IRC14:20
*** lisaclark1 has quit IRC14:22
*** jmckind has joined #openstack-barbican14:28
*** lisaclark1 has joined #openstack-barbican14:29
*** jmckind is now known as jmckind_14:32
*** jmckind_ is now known as jmckind14:33
*** jhfeng has quit IRC14:38
*** jhfeng has joined #openstack-barbican14:40
*** jaosorior has quit IRC14:47
*** jaosorior has joined #openstack-barbican14:47
*** edtubill has joined #openstack-barbican14:47
*** everjeje has quit IRC14:57
*** kfarr has quit IRC15:01
*** diazjf has joined #openstack-barbican15:05
*** edtubill has left #openstack-barbican15:07
*** edtubill_ has joined #openstack-barbican15:07
*** ccneill has joined #openstack-barbican15:08
*** jhfeng has quit IRC15:10
*** jhfeng has joined #openstack-barbican15:12
*** jhfeng has quit IRC15:13
*** rellerreller has quit IRC15:15
*** shohel has quit IRC15:29
*** jhfeng has joined #openstack-barbican15:42
*** stevemar_ has joined #openstack-barbican15:43
*** vivek-ebay has joined #openstack-barbican15:52
*** jaosorior has quit IRC15:55
*** jaosorior has joined #openstack-barbican15:55
*** gyee has joined #openstack-barbican15:56
*** lisaclark1 has quit IRC15:56
*** lisaclark1 has joined #openstack-barbican15:58
*** DTadrzak has joined #openstack-barbican16:04
*** woodster_ has joined #openstack-barbican16:09
*** zz_dimtruck is now known as dimtruck16:10
*** edtubill_ has quit IRC16:18
*** david-lyle has quit IRC16:18
*** david-lyle has joined #openstack-barbican16:18
*** jmckind is now known as jmckind_16:19
*** lecalcot has joined #openstack-barbican16:24
*** edtubill_ has joined #openstack-barbican16:25
*** lecalcot is now known as leecalcote16:30
*** dimtruck is now known as zz_dimtruck16:33
*** jmckind_ is now known as jmckind16:33
*** su_zhang has joined #openstack-barbican16:40
*** vivek-ebay has quit IRC16:42
*** edtubill_ has quit IRC16:44
*** vivek-ebay has joined #openstack-barbican16:51
*** stevemar_ has quit IRC16:52
*** lisaclark1 has quit IRC16:53
*** jmckind_ has joined #openstack-barbican16:56
*** zz_dimtruck is now known as dimtruck16:57
*** stevemar_ has joined #openstack-barbican16:59
*** jmckind has quit IRC16:59
*** peter-hamilton has joined #openstack-barbican17:07
*** vivek-ebay has quit IRC17:18
*** diazjf has quit IRC17:19
*** kfarr has joined #openstack-barbican17:24
*** lisaclark1 has joined #openstack-barbican17:29
*** vivek-ebay has joined #openstack-barbican17:38
*** kragniz has quit IRC17:39
*** kragniz has joined #openstack-barbican17:39
*** ccneill has quit IRC17:41
*** lisaclark1 has quit IRC17:55
*** ccneill has joined #openstack-barbican17:56
*** diazjf has joined #openstack-barbican18:00
*** jamielennox|away is now known as jamielennox18:02
*** rellerreller has joined #openstack-barbican18:04
openstackgerritAdam Harwell proposed openstack/barbican: Remove old gate code  https://review.openstack.org/21945118:08
rm_workjaosorior: ^^ updated, i assume still relevant?18:08
*** su_zhang has quit IRC18:21
*** mixos has joined #openstack-barbican18:27
*** edtubill_ has joined #openstack-barbican18:30
*** lisaclark1 has joined #openstack-barbican18:32
*** silos has joined #openstack-barbican18:32
*** lisaclark1 has quit IRC18:32
openstackgerritKaitlin Farr proposed openstack/castellan: Update managed object __eq__ and __ne__  https://review.openstack.org/23310518:35
*** lisaclark1 has joined #openstack-barbican18:35
jaosoriorrm_work: yup18:37
*** leecalcote has quit IRC18:43
*** edtubill_ has quit IRC18:45
kfarrdiazjf, do you have a few minutes?  I'm hoping you can help me with this integration with Castellan and Swift's KeyMaster18:51
*** peter-hamilton has quit IRC18:54
diazjfkfarr, sure lets talk in a 1/2 hour if its ok18:58
kfarrdiazjf, sure!  Looking forward to it18:59
diazjfkfarr awesome :)19:00
diazjfI'll ping you when I'm ready19:00
*** gyee has quit IRC19:05
*** jhfeng has quit IRC19:11
*** spotz is now known as spotz_zzz19:15
*** jhfeng has joined #openstack-barbican19:21
*** spotz_zzz is now known as spotz19:22
diazjfkfarr, ready when you are19:28
kfarrokk diazjf19:29
kfarrOk, so the first patch I was looking at was this one, about the keystone middleware context19:30
kfarrhttps://review.openstack.org/#/c/235671/119:30
diazjfAlright so swift has in the pipeline "authtoken keystoneauth"19:31
diazjfwhich contain the attribute "project_id" instead of "tenant"19:31
diazjfas seen in https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/auth_token/_user_plugin.py#L6319:32
kfarrYeah, so the way it looks in Cinder and Nova is they have these context objects that inherit from oslo_context's RequestContext: https://github.com/openstack/oslo.context/blob/master/oslo_context/context.py19:33
kfarrNova's version: https://github.com/openstack/nova/blob/1635086529c43edcb69966c48c41b5fca2d1b26c/nova/context.py19:33
kfarrCinder's version: https://github.com/openstack/cinder/blob/master/cinder/context.py19:33
kfarrAnd so I was just sort of expecting that all OpenStack projects would have the same sort of thing19:33
kfarrBut from what I can tell, Swift doesn't, it just uses that middleware token that you pointed out19:34
kfarrAnd I am trying to figure out how they fit together19:34
*** vivek-ebay has quit IRC19:35
jaosoriorkfarr, diazjf: well, at least in barbican we inherit from oslo_context and then fetch 'tenant' and use 'project' instead19:35
jaosoriorto try to have everything uniform19:36
jaosoriorkfarr, diazjf: https://github.com/openstack/barbican/blob/master/barbican/context.py#L3119:36
diazjfjaosorior, kfarr, Since swift does not have a context derived from oslo.context, I looked into what environmental variable I can access in order to provide a Keystone token. It lead me to env.get('keystone.token_auth').user19:37
kfarrjaosorior thanks!19:37
jaosorioryeah... wish the implementation of the projects didn't defer as much as it does19:39
kfarrjaosorior, diazjf, what I am wondering is it seems a little strange to accept either an oslo_context object or a keystone middleware token, so should Castellan be changed to accept something more generic?19:39
*** lisaclark1 has quit IRC19:39
jaosoriorkfarr: Well, I wish I had a proper answer to that. I don't know :/19:41
kfarrOr should Swift be changed to pass around oslo_context objects instead?19:41
jaosoriorIMO it would be better if Swift was changed19:42
jaosoriorAFAIK oslo.context should be the way to go19:42
*** lisaclark1 has joined #openstack-barbican19:42
*** rellerreller has quit IRC19:42
diazjfkfarr, I'm thinking the usage of project_id and tenant together keeps it backwards compatible with both if anything, but jaosorior has a point.19:43
*** lisaclark1 has quit IRC19:43
kfarrdiazjf, you mean jaosorior's point about maybe Swift should be changed?19:44
diazjfkfarr, yup, but I'm also thinking what if a user creates their own service and wants to use keystone auth middleware?19:45
diazjfmaybe we should support both19:45
*** dave-mccowan has joined #openstack-barbican19:45
*** lisaclark1 has joined #openstack-barbican19:45
kfarrdiazjf, what I meant was I didn't even realize that was an option, I thought all services were supposed to use oslo_context19:45
diazjfkfarr, not 100% sure on that, stevemar_, any opinions on the above.19:46
diazjfkfarr, let me ask in the swift irc19:49
kfarrOk, thanks diazjf!  I'll research a little more19:50
diazjfkfarr, the swift team pointed me to https://github.com/openstack/swift/blob/master/swift/common/middleware/keystoneauth.py19:53
kfarrdiazjf, ok thanks!19:54
*** tkelsey has quit IRC19:55
kfarrOk well, diazjf, if it's ok with you, I'd like to research a little bit more about how everything fits together19:56
diazjfkfarr, of course thanks for the help and feel free to contact me if you need anything19:57
kfarrdiazjf, ok and one more question, do you still have time?19:57
*** lisaclark1 has quit IRC19:57
diazjfyup19:58
diazjfalso my question was confirmed, swift does not rely on oslo.context19:58
kfarrdiazjf, can you please walk me through the steps needed to get the appropriate key from Castellan?  I am a little bit confused about how listing the metadata helps.19:58
*** spotz is now known as spotz_zzz19:58
*** jaosorior has quit IRC19:59
diazjfkfarr, So listing metadata will no be needed for an initial use-case, but it will be needed for future support of rekeying, where the created date must be extracted from a secret.20:00
diazjfIf a secret exceeds a certain date a new key will be generated and used20:00
*** jaosorior has joined #openstack-barbican20:01
*** vivek-ebay has joined #openstack-barbican20:01
*** edtubill_ has joined #openstack-barbican20:01
kfarrah ok diazjf, that makes much more sense20:02
*** spotz_zzz is now known as spotz20:02
*** vivek-ebay has quit IRC20:02
*** vivek-ebay has joined #openstack-barbican20:02
diazjfkfarr, sure and anything you need me to look into, I'd be happy to do so20:02
kfarrdiazjf, how about, instead of have a separate method to list the metadata as you have in this patch: https://review.openstack.org/#/c/237381/20:03
kfarrcould we just a "created" field on the managed object itself?20:03
kfarrJust like how you did for "name"20:03
kfarrcould we just *add a..20:03
diazjfkfarr, the object will need to be created first before the created date can be input20:05
diazjfbarbican generates the date, where as in name, and other attributes we manually add them20:05
kfarrdiazjf, is this for storing or creating keys?20:06
kfarrMore specifically, is swift storing or creating keys?20:07
kfarrBecause when the user retrieves the key, Castellan could just populated a "created" field, using the the created field from Barbican20:09
kfarr* populate20:09
diazjfkfarr, that makes sense. swift will be doing both. I'm a key is no existent it will need to be created, but we only need the created value upon grabbing a key.20:10
diazjfDo you have an examples of a field being populated after a secret has been created?20:11
diazjf^^ actually its just doing so using barbican client, I'm sure20:13
kfarrNot any specific examples, but I'm picturing _created_date is going to be a private attribute, created_date is going to be a property that returns _created_date20:15
kfarrand there will be no option for setting created_date in the constructor because we don't want to encourage people to manually set it20:15
kfarrbut in _get_castellan_object (https://github.com/openstack/castellan/blob/master/castellan/key_manager/barbican_key_manager.py#L411)20:16
kfarrit will set the private _created_date to be whatever barbican says it was20:16
kfarrand we can document that if you call your_managed_object.created_date and it returns None, that means your reference to the object was not the one persisted in your key manager yet20:17
*** tkelsey has joined #openstack-barbican20:18
diazjfkfarr, I'll add a patch for that tonight and abandon the get_meta one. I'll post any questions on the patch.20:18
diazjfthanks for all the details :)20:18
kfarrSure, thanks for working on this!20:19
diazjfkfarr, no prob, and post any questions on https://review.openstack.org/#/c/235671/1 I'll try to answer anything as best I can20:20
*** jmckind_ has quit IRC20:20
rm_workyeah, the whole "is this object persisted or not" stuff is a bit tricky20:22
*** tkelsey has quit IRC20:22
rm_workwhen I wrote all of that in the NEW barbicanclient, I didn't expect it to end up quite so janky :/20:22
rm_workbut it's a complex problem20:22
rm_workthat other people solve by not caring, i think :P20:22
rm_work(what fields can/can't be edited, when the object is in which states"20:23
rm_work)20:23
kfarrlolz rm_work20:23
rm_workyeah, so sorry about that mess, it's mostly my fault20:24
rm_workfor trying to be cute20:24
kfarrI know at least in Java with Hibernate annotations, the way to tell if your object has been persisted is if it has an assigned ID, so your approach seems reasonable to me at least20:24
rm_workyeah, but the whole "prevent editing if the object is in persisted state" thing20:24
rm_workprobably was overkill20:24
rm_worki did like the fancy decorator i made for it though :P20:25
kfarrhaha nice!  Fancy decorators are slick20:25
rm_workwell that plus the caching stuff20:26
rm_workmakes the internals of the objects a bit of a mess20:26
rm_workwhich is "just magic" when it works20:26
rm_workbut is a pain to visualize when editing20:26
*** jsavak has joined #openstack-barbican20:41
*** gyee has joined #openstack-barbican20:43
*** su_zhang has joined #openstack-barbican20:49
*** su_zhang has quit IRC20:53
diazjfkfarr, jaosorior, I was told that it may be hard to implement oslo into swift. I add a swift core as a reviewer to the patch.20:54
*** tkelsey has joined #openstack-barbican20:58
*** tkelsey has quit IRC21:02
*** lisaclark1 has joined #openstack-barbican21:05
kfarrdiazjf, thanks for looking into it, it sounds like adding oslo to all of swift may not be the best option.  I'm not sure if the better option would be to quickly create an oslo context from the keystone middleware token before passing it to castellan, or to adjust castellan to accept multiple kinds of contexts, which still seems kind of strange to me, but maybe it doesn't matter as long as whatever you're passing in has a21:07
diazjfkfarr, keep me posted on whats decided :)21:10
*** jsavak has quit IRC21:12
*** jamielennox is now known as jamielennox|away21:20
*** su_zhang has joined #openstack-barbican21:21
*** alee is now known as alee_afk21:26
*** mixos has quit IRC21:26
*** jamielennox|away is now known as jamielennox21:28
*** alee_afk has quit IRC21:32
*** edtubill_ has quit IRC21:32
*** kfarr has quit IRC21:33
*** stevemar_ has quit IRC21:58
*** stevemar_ has joined #openstack-barbican21:58
*** silos has left #openstack-barbican22:00
*** stevemar_ has quit IRC22:02
*** diazjf has left #openstack-barbican22:03
*** lisaclark1 has quit IRC22:08
openstackgerritDave McCowan proposed openstack/python-barbicanclient: README.rst devstack link not properly displayed  https://review.openstack.org/23573722:10
*** lisaclark1 has joined #openstack-barbican22:13
*** nelsnelson has quit IRC22:21
*** jhfeng has quit IRC22:26
*** spotz is now known as spotz_zzz22:27
*** jamielennox is now known as jamielennox|away22:31
*** alee_afk has joined #openstack-barbican22:32
*** jongchoi has joined #openstack-barbican22:36
*** jongchoi has quit IRC22:36
*** dimtruck is now known as zz_dimtruck22:40
*** lisaclark1 has quit IRC22:44
*** lisaclark1 has joined #openstack-barbican22:44
*** jaosorior has quit IRC22:47
*** jaosorior has joined #openstack-barbican22:47
*** lisaclark1 has quit IRC22:48
*** edtubill has joined #openstack-barbican23:21
*** tkelsey has joined #openstack-barbican23:29
*** ccneill has quit IRC23:31
*** jamielennox|away is now known as jamielennox23:32
*** tkelsey has quit IRC23:33
« Monday, 2015-10-19 Index Wednesday, 2015-10-21 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!